Day FOUR of the GitHub web assault: Activists point fingers at 'China's global censorship'

Code repository warns of 'evolving' attacks

With the GitHub distributed denial-of-service (DDoS) attack nearing its fifth day of bombardment, the code-sharing upstart said it is holding up well under fire.

The site said as of Monday afternoon, Pacific Time, it is still operating at 100 per cent, despite a continuing flow of malicious traffic to its servers. GitHub said the attack "has evolved," but wouldn't provide any further information.

GitHub's status page on Monday

When word of the assault first broke, security researchers suggested miscreants behind the attack were targeting GitHub projects that help circumvent the Great Firewall of China – a censorship apparatus that prevents access to anti-state websites.

It appears a JavaScript file served from within China by Baidu's advertising network is being intercepted by the country's border routers, and silently altered to fire repeated HTTP requests at GitHub.com.

People, millions potentially, from outside China visiting websites that use Baidu's ad network are being used to unwittingly attack the California-headquartered biz: their browsers silently bombard GitHub's servers while surfing websites that use Baidu's China-based network.

GitHub acknowledged the attack appeared to be targeting "a specific class of content," but stopped short of pointing the finger at China.

Anti-censorship campaign group Greatfire.org said in a blog post the attacks are an effort to shut down its GitHub-hosted project, and an extension of an attack on anti-censorship groups by Chinese authorities.

The blog itself appears to be taken offline at time of writing, along with the rest of the greatfire.org, though a cached page shows the entry in full.

The post confirms earlier reports that the attack is being carried out by malicious JavaScript code injected into unencrypted Baidu traffic.

"The URL to access our GitHub page is hardcoded into the malicious JavaScript," the group writes.

"Our page is still accessible ... The GitHub attack is still ongoing and the malicious JS is still being injected for approximately 1 per cent of foreign visitors to websites that are using elements from Baidu."

Greatfire goes on to point the finger for the attacks directly to the Cyberspace Administration of China (CAC). The group argues that the CAC is deliberately trying to weaponize its Great Firewall to perform international attacks.

"This is a frightening development and the implications of this action extend beyond control of information on the internet," the Greatfire team wrote.

"In one quick movement, the authorities have shifted from enforcing strict censorship in China to enforcing Chinese censorship on internet users worldwide." ®